Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Huawei > HCIP-Datacom > H12-841_V1.5

H12-841_V1.5 HCIP-Datacom-Campus Network Planning and Deployment V1.5 Question and Answers

Question # 4

(On a virtualized network deployed using iMaster NCE-Campus, after an administrator performs an operation, iMaster NCE-Campus delivers the following configuration to devices. Which of the following operations did the administrator perform?)

acl number9997

rule1permit ip source ucl-groupnameResearch_Group destination ucl-groupnameSales_Group

rule2permit ip source ucl-groupnameResearch_Group destination ucl-groupnameGuest_Group

A.

Deploy a policy control matrix.

B.

Deploy inter-VN communication.

C.

Create a security group.

D.

Create an authorization result.

Full Access
Question # 5

(As shown in the following figure, R1 and R2 establish an IPsec VPN in ISAKMP mode for communication. For IPsec proposals on R1 and R2, ESP is used, the encapsulation mode is set to tunnel mode, SHA1 is configured as the authentication algorithm, and AES-256 is configured as the encryption algorithm. In addition, IKEv1 is configured for IKE peers, the main mode is configured for IKEv1 negotiation phase 1, and the PSK Huawei@123 is configured for PSK authentication between IKE peers. For IKE proposals on R1 and R2, SHA1 is configured as the authentication algorithm, AES-256 is configured as the encryption algorithm, and DH group 1 is configured for IKE negotiation. Based on these configurations on R1 and R2, drag the configuration items on the left to the correct locations on the right.)

Full Access
Question # 6

(Which of the following technologies can be used to isolate users in the same VLAN, enhance user communication security, and prevent invalid broadcast packets from affecting services?)

A.

Super VLAN

B.

Port isolation

C.

IPSG

D.

Ethernet port security

Full Access
Question # 7

(MAC address learning of a static VXLAN tunnel depends on exchange of packets, such as ARP packets, between hosts.)

A.

TRUE

B.

FALSE

Full Access
Question # 8

(During WLAN planning and design, channels 1, 6, and 11 are recommended on the 2.4 GHz frequency band, and channels 1, 5, 9, and 13 are recommended in high-density scenarios. On the 5 GHz frequency band, it is recommended that high-frequency and low-frequency channels of adjacent APs be staggered to prevent overlapping.)

A.

TRUE

B.

FALSE

Full Access
Question # 9

(On a virtualized network deployed using iMaster NCE-Campus, which of the following methods can be used by a network administrator during VN creation to create user network segments?)

A.

Manually create them one by one.

B.

Import them in a batch using a template.

C.

Directly invoke the user network segments in the global resource pool of the fabric.

D.

Create them in a batch through automatic allocation.

Full Access
Question # 10

(On a small- or medium-sized campus network deployed based on the Huawei CloudCampus Solution, an AR functioning as the egress gateway supports web-based network management, registration center query, and DHCP Option 148-based deployment, but does not support CLI-based deployment.)

A.

TRUE

B.

FALSE

Full Access
Question # 11

(When advertising routes, BGP EVPN uses EVPN Router's MAC Extended Community to carry the Router MAC field of a VTEP.)

A.

TRUE

B.

FALSE

Full Access
Question # 12

(Network Quality Analysis (NQA) is a real-time network performance detection and measurement technology. It monitors the performance of multiple protocols running on a network. Which of the following can be monitored by NQA?)

A.

OSPF

B.

DHCP

C.

SNMP

D.

ICMP

Full Access
Question # 13

(Free mobility is deployed on a campus network through iMaster NCE-Campus. To enable a policy enforcement point to obtain IP-security group entries, which of the following methods can be used?)

A.

If the policy enforcement point is not an authentication point, administrators need to configure IP-security group entry subscription on iMaster NCE-Campus, which then pushes IP-group entries to the policy enforcement point.

B.

If the policy enforcement point is not an authentication point, the authentication point pushes IP-security group entries to it.

C.

If the policy enforcement point is also an authentication point, iMaster NCE-Campus proactively pushes IP-security group entries to it.

D.

iMaster NCE-Campus proactively pushes IP-security group entries to policy enforcement points regardless of the scenario.

Full Access
Question # 14

(When access authentication is deployed on a network, which of the following servers typically reside in the pre-authentication domain?)

A.

FTP server

B.

Antivirus server

C.

DHCP server

D.

DNS server

Full Access
Question # 15

(On the Device Management page of iMaster NCE-Campus, which of the following functions will automatically enable the SSH proxy tunnel of the network device?)

A.

Summary

B.

Entry Query

C.

Device Configuration

D.

Command Line

Full Access
Question # 16

(On a small- or medium-sized campus network, multi-carrier links can be deployed at the egress for backup to ensure egress reliability.)

A.

TRUE

B.

FALSE

Full Access
Question # 17

(Refer to the figure.

Which of the following steps aremandatoryto enable 802.1X authentication on GE0/0/2 and GE0/0/3 of SW3 and configure a RADIUS server to authenticate and deliver network access rights to users?Choose all that apply.)

A.

Configure an authentication domain.

B.

Configure an authentication profile.

C.

Configure an 802.1X access profile.

D.

Configure an AAA scheme.

Full Access
Question # 18

(Which of the following advantages are provided by Telemetry compared with SNMP?Choose all that apply.)

A.

Telemetry supports various data types based on the YANG model.

B.

Telemetry establishes sessions based on SSH, ensuring security.

C.

Telemetry configures and manages different databases of managed devices.

D.

Telemetry supports second-level data collection with higher precision.

Full Access
Question # 19

(Which of the following statements isfalseabout sites on a virtualized network deployed using iMaster NCE-Campus?)

A.

iMaster NCE-Campus does not support batch site creation.

B.

Tenants configure and manage devices by site.

C.

iMaster NCE-Campus allows administrators to create sites one by one.

D.

A site is a tenant network created by a tenant administrator.

Full Access
Question # 20

(An administrator monitors the network status on iMaster NCE-Campus. The figure shows alarm information displayed on iMaster NCE-Campus. How manywarning alarmsare generated on the network?)

A.

0

B.

1

C.

5

D.

10

Full Access
Question # 21

(Fabric nodes need to be planned during fabric design on a CloudCampus virtualized campus network. Which of the following statements about node planning on a fabric is false?)

A.

It is recommended that core devices be deployed as border nodes, and access or aggregation devices be deployed as edge nodes.

B.

It is recommended that access devices be deployed as edge nodes to implement end-to-end automatic VXLAN deployment.

C.

When the fabric needs to connect to two external networks located in different physical locations, two border nodes need to be deployed.

D.

If a BGP EVPN RR is required on a VXLAN network, BGP peer relationships need to be established between edge nodes and border nodes and between edge nodes.

Full Access
Question # 22

(Which of the following can be used to classify campus networks?)

A.

Network scale

B.

Served objects

C.

Access mode

D.

Service complexity

Full Access
Question # 23

(Based on the VXLAN tunnel creation mode, what are the different types of VXLAN tunnels?)

A.

Stateless VXLAN tunnel

B.

Static VXLAN tunnel

C.

Dynamic VXLAN tunnel

D.

Stateful VXLAN tunnel

Full Access
Question # 24

(ESP is an IP-based transport-layer protocol. Which of the following is its protocol number?)

A.

47

B.

50

C.

51

D.

102

Full Access
Question # 25

(Both SNMP and NETCONF can be used to manage network devices. Which of the following statements about the two protocols is true?)

A.

Both SNMP and NETCONF use the client/server architecture. The network management station (NMS) functions as the server, and the managed network devices function as clients.

B.

Both SNMP and NETCONF manage objects through management information bases (MIBs) on network devices.

C.

NETCONF provides a locking mechanism to prevent multiple user operations from conflicting.

D.

SNMP provides multiple configuration databases, which can back up each other.

Full Access
Question # 26

(After the Huawei CloudCampus Solution is deployed on a campus network, which of the following protocol packets may be exchanged between the management layer and network layer?)

A.

NETCONF

B.

SNMP

C.

RADIUS

D.

YANG

Full Access
Question # 27

(iMaster NCE-CampusInsight uses SNMP technology to collect metrics and logs of network devices and detects network exceptions based on real service traffic.)

A.

TRUE

B.

FALSE

Full Access
Question # 28

(On a small- or medium-sized campus network deployed based on the Huawei CloudCampus Solution, if a single AP is used as the network egress and needs to be managed by iMaster NCE-Campus, in which of the following modes should the AP work?)

A.

RU

B.

Fit

C.

Cloud

D.

Fat

Full Access
Question # 29

(When configuring access authentication, you need to define the items authorized to users in the authorization result. Which of the following items does not need to be defined?)

A.

VLAN

B.

IP address

C.

Security group

D.

ACL

Full Access
Question # 30

(Which of the following statements about authentication profile configuration is true?)

A.

By default, users access the default domain, which cannot be modified using the CLI.

B.

On the same interface of the same device, all authentication types (such as Portal, MAC address, and 802.1X) must be configured with the same default domain or forcible domain.

C.

When multiple access profiles are bound to an authentication profile, authentication is triggered in the following sequence: 802.1X authentication → Portal authentication → MAC address authentication.

D.

If a forcible domain is configured for a user, the user is forcibly authenticated in the forcible domain regardless of whether the user name contains the domain name.

Full Access
Question # 31

(Which of the following roles is not a core role in Huawei's free mobility solution?)

A.

Policy enforcement device

B.

Policy control device

C.

iMaster NCE-Campus

D.

Authentication device

Full Access